package com.ml.filter;



import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.List;
import java.util.Map;

//import com.baomidou.kisso.SSOConfig;

/**
 * 本拦截器只对webservice 有效 即 wwww.aaa.com/api/**的访问拦截
 * 本来打算做个需要拦截就加注解的方式
 * 但是发现几乎所有的请求都需要拦截，
 * 因此这里采用系统白名单的方式，进行免拦截
 * @Time 2019年6月
 * @Author zzy
 */
//@Controller
public class CORSFilter implements Filter{



    public void destroy() {

    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {

        HttpServletResponse response = (HttpServletResponse) resp;
        HttpServletRequest request = (HttpServletRequest) req ;
        response.setHeader("Access-Control-Allow-Origin","*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,DELETE, PUT");
        response.setHeader("Access-Control-Max-Age","3600");
        response.setHeader("Access-Control-Allow-Headers","Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");
        response.setHeader("Access-Control-Expose-Headers", "*");
        //response.setDateHeader("expries", -1);
        //response.setHeader("Cache-Control", "no-cache");
        //response.setHeader("Pragma", "no-cache");
        chain.doFilter(req, resp);
        /*if(isAuthorization(request,response)){
            chain.doFilter(req, resp);
        }else{
            response.setCharacterEncoding("utf8");
            JSONObject obj = new JSONObject();
            obj.put("code","403");
            obj.put("msg", "no_power");
            response.getWriter().println(obj.toJSONString());
        }*/


    }

    public void init(FilterConfig config) throws ServletException {

    }


    /**
     * 在前端的时候有时候不需要登陆就要拿到一些数据
     *  true 表示不需要拦截，false 需要拦截
     * @return
     */
    public boolean isHandle(HttpServletRequest request){
        String requestUrl = request.getRequestURI();//获取当前请求的url
        boolean flag = true;

        return flag;//不需要拦截
    }



    public boolean isAuthorization(HttpServletRequest request, HttpServletResponse response){
        return true;
    }
}
